Paper 2023/263

DualMS: Efficient Lattice-Based Two-Round Multi-Signature with Trapdoor-Free Simulation

Yanbo Chen, University of Ottawa

A multi-signature scheme allows multiple signers to jointly sign a common message. In recent years, two lattice-based two-round multi-signature schemes based on Dilithium-G were proposed: DOTT by Damgård, Orlandi, Takahashi, and Tibouchi (PKC'21) and Musig-L by Boschini, Takahashi, and Tibouchi (CRYPTO'22). In this work, we propose a new lattice-based two-round multi-signature scheme called DualMS. Compared to DOTT, DualMS is likely to significantly reduce signature size, since it replaces an opening to a homomorphic trapdoor commitment with a Dilithium-G response in the signature. Compared to Musig-L, concrete parameters show that DualMS has smaller public keys, signatures, and lower communication, while the first round cannot be preprocessed offline as in Musig-L. The main reason behind such improvements is a trapdoor-free "dual signing simulation" of our scheme. Signature simulation of DualMS is virtually the same as the normal signing procedure and does not use lattice trapdoors like DOTT and Musig-L.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2023
Multi-signatureDilithiumFiat-Shamir with abortsLatticePost-quantum
Contact author(s)
ychen918 @ uottawa ca
2023-06-08: revised
2023-02-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yanbo Chen},
      title = {{DualMS}: Efficient Lattice-Based Two-Round Multi-Signature with Trapdoor-Free Simulation},
      howpublished = {Cryptology ePrint Archive, Paper 2023/263},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.